Re: [PATCH] iommu/amd: Check if domain is NULL before dereference it
From: Baoquan He
Date: Thu Aug 24 2017 - 08:48:10 EST
On 08/24/17 at 03:32pm, Dan Carpenter wrote:
> Take a look at this code for example. But all the places which call
> get_domain() are the same:
>
> drivers/iommu/amd_iommu.c
> 2648 page = virt_to_page(virt_addr);
> 2649 size = PAGE_ALIGN(size);
> 2650
> 2651 domain = get_domain(dev);
> ^^^^^^^^^^^^^^
> imagined get_domain() returns NULL.
>
> 2652 if (IS_ERR(domain))
> 2653 goto free_mem;
> 2654
> 2655 dma_dom = to_dma_ops_domain(domain);
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> This will Oops.
I see, it's a problem. Thanks for telling!
How about below change? But I am not very sure which errno should be
picked, seems the latter one, EBUSY is better since it has passed the
check_device() checking.
diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 16f1e6af00b0..2d7d04472555 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -2262,6 +2262,9 @@ static struct protection_domain *get_domain(struct device *dev)
domain = to_pdomain(io_domain);
attach_device(dev, domain);
}
+ if (domain == NULL)
+ return ERR_PTR(-EBUSY);
+
if (!dma_ops_domain(domain))
return ERR_PTR(-EBUSY);
--
2.5.5